June 7, 2023

According to Microsoft, administrators can preempt attacks exploiting CVE-2022-30190 by disabling the MSDT protocol. This stops malicious actors from launching troubleshooters and from executing code on vulnerable systems.

The process for disabling the MSDT URL protocol on a Windows device is as follows:

  1. Run Command Prompt as an Administrator.
  2. To create a backup of the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt ms-msdt.reg“
  3. Then, execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f“
Advertisements

Once Microsoft issues a CVE-2022-30190 patch, administrators can undo the workaround by launching an elevated command prompt and executing the reg import ms-msdt.reg command

Though Microsoft notes that the Microsoft Office Protected View and Application Guard can block CVE-2022-30190 attacks, analysts discovered that the security feature does not block exploitation attempts if targets preview the malicious content in Windows Explorer.

It is advised that admins disable the Preview pane in Windows Explorer in order to remove the attack vector.

Tags:

1 thought on “Follina Mitigation Details Emerges

  1. Pingback: Chinese APT exploits Follina - TheCyberThrone

Leave a Reply

You may have missed

Microsoft to comply with LinkedIn GDPR Violation

Microsoft to comply with LinkedIn GDPR Violation

June 7, 2023
Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
%d bloggers like this: